Skip to main content

Privacy policy of Impect GmbH – Website

The protection of your personal data is important to us. With this privacy policy, we would like to explain to you in more detail what personal data we collect from you and for what purpose the data is used.

1. Controller and Contact

Die Datenschutzerklärung der Impect G

Impect GmbH
Siegburger Str. 149-151

50679 Cologne

Before and hereinafter referred to as “Impect” or “we”.

If you have any questions or suggestions on the subject of data protection, please feel free to contact us by e-mail at the following address: info@impect.com.

You can also contact our data protection officer:

Hans-Georg Sienz

e-mail: datenschutz@emes-consulting.com

phone:  +49 2206 / 9104 31 0

Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

2. Subject matter of data protection

The subject matter of data protection is personal data. According to Art. 4 No. 1 GDPR, personal data is any information about an identified or identifiable natural person; this includes, for example, the name or identification numbers.

3. Automated data collection

When accessing our services, your end device automatically transmits data for technical reasons. The following data is stored separately from other data that you may transmit to us:

  • IP address
  • URL of the requested page
  • Date and time

We store this data for the following purposes:

  • Load balancing, i.e. to distribute access to our services across several devices and to be able to offer you the fastest possible loading times;
  • Ensuring the security of our IT systems, e.g. to defend against specific attacks on our systems and to identify attack patterns;
  • Ensuring the proper operation of our IT systems, e.g. if errors occur that we can only rectify by storing the IP address;
  • Enabling law enforcement, averting of dager or legal prosecution in the case of concrete indications of criminal offences;

Your IP address is only stored for a period of 14 days.

In this case, the processing is carried out on the basis of our predominant legitimate interests mentioned above (Art. 6(1) lit. f GDPR).

4. Contact / Inquiriesn

If you contact us e.g. via the provided contact details on our website (in particular via e-mail), we will process your contact data and information transmitted with it for the purpose of handling your inquiry.

Your personal data is processed for the purpose / legitimate interest of processing your request based on Art. 6(1) lit. b or lit. f GDPR.

We store inquiries and associated personal data no longer than needed in order to fulfil the respective aforementioned purpose. After that, your inquiries will be deleted unless we are obligated by law to retain them for a longer period. We base the storage of your contact data (i) on Art. 6(1) lit. b GDPR where it is necessary for carrying out necessary steps prior to a contract and for the performance of the respective contractual relationship, (ii) on Art. 6(1) lit. f GDPR where we pursue our overriding legitimate interest in handling customer requests, documenting our business operations and protecting our legal positions and, if necessary, (iii) on the fulfilment of legal obligations in case statutory retention obligations apply (Art. 6(1) lit. c GDPR).

5. Job applications

If you apply to us for a position, we will process your contact information, application documents and the information contained therein in order to handle your application and/or to decide on the establishment of an employment relationship. Such data processing is carried out on the legal basis of Art. 6(1) lit. b GDPR and Section 26(1) of the German Federal Data Protection Act (BDSG) and, in case sensitive data pursuant to Art. 9 GDPR is contained in the application documents, additionally on the basis of Art. 9(2) lit. b GDPR and Section 26(3) BDSG.

If we are unable to offer you a position, your application documents will generally be stored for up to two months after the conclusion of the respective application process in order to be able to answer queries in connection with your application. Further storage may take place if this is necessary for the legitimate interests in and purposes of handling your application or to preserve and provide evidence (Art. 6(1) lit. f GDPR).

Otherwise, we only store your applicant data if you have expressly consented to this (Art. 6(1) lit. a GDPR). You can withdraw your consent at any time with effect for the future. For this purpose, you can, for example, contact the above-mentioned contact details. A withdrawal does not affect the processing that took place until your withdrawal.

6. Service Providers

In order to provide the website and the services contained therein, we may engage service providers (in particular for the hosting of this website) which therefore may also process your personal data when you use our website.

Most of these service providers are contractually bound to only process such personal data on behalf of Impect and are located (i) within the EU/EEA, (ii) in countries for which the EU Commission has officially recognised the existence of an adequate level of data protection, including the US insofar as the data recipients participate in the EU-U.S. Data Privacy Framework.

Where this is not the case or if service providers themselves engage sub-contractors your personal data may potentially be transferred to third countries (i.e. countries outside of the EU/EEA without an adequate level of data protection).

All of our service providers are, however, obligated to solely process in or transfer any of your personal data to third countries in case the additional requirements for international data transfers enshrined in Art. 44 et. seq. of the GDPR are complied with, predominantly by concluding EU Standard Contractual Clauses and, if required, implement additional measures in order to establish an adequate level of data protection. The EU Standard Contractual Clauses are model contracts provided by the EU Commission which – if required – together with additional measures are intended to ensure that your personal data are processed in accordance with European data protection standards even if the processing takes place outside the EU/EEA.

7. Disclosure of data

Apart from the above, your personal data will not be passed on, with the exception of transfers to data processors, without your express prior consent, except in the cases mentioned below:

  • If it is necessary for the clarification of an illegal use of our services or for legal proceedings, personal data will be forwarded to the law enforcement authorities as well as to injured third parties if applicable. However, this only happens if there are concrete indications of illegal or abusive behaviour. Data may also be passed on if this serves to enforce terms of use or other agreements. We are also legally obligated to provide information to certain public authorities on request. These are criminal prosecution authorities, authorities that pursue administrative offences for which fines have been imposed and the tax authorities.

This data is passed on the basis of our legitimate interest in combating abuse, prosecuting criminal offences and securing, asserting and enforcing claims and that your rights and interests in the protection of your personal data do not prevail, Art.  6(1) lit. f GDPR, or due to a legal obligation under Art. 6(1) lit. c GDPR.

  • We disclose personal data to auditors, accounting service providers, lawyers, banks, tax advisors and similar bodies insofar as this is necessary for the provision of our services (Art. 6(1) lit. b GDPR) or the proper operation of our business, including the enforcement of or defence against legal claims and legal proceedings (Art. 6(1) lit. f GDPR) or if we are obligated to do so (Art. 6(1) lit. c GDPR).

8. Automated individual decisions or profiling measures

We do not process your data for decisions based on automated processing to make a decision about you or for profiling.

9. Deletion of your data

Unless stated otherwise, we will delete or anonymize your personal data as soon as it is no longer necessary for the purposes for which we collected or used it in accordance with the above paragraphs. Generally, we store your personal data for the duration of the usage or contractual relationship plus the applicable limitation period, as well as for a period of 4 weeks, during which we store backup copies after the end of the contract. We also continue to store your data if we are obligated to do so for legal reasons or if the data is required for a longer period for criminal prosecution or to secure, assert or enforce legal claims.

If data must be retained for legal reasons, the processing is restricted. The data is then no longer available for further use.

The storage of data beyond the contractual relationship pursuant to Art. 6(1) lit. b GDPR and Section 26(1) BDSG is based on our aforementioned legitimate interests according to Art. 6(1) lit. f GDPR, or on the basis of our legal storage obligations according to Art. 6(1) lit. c GDPR.

10. Your rights as a data subject

As a person affected by the processing of personal data, you have a right of access to the processed data, a right to rectify your personal data, a right to erasure of your personal data, a right to restrict the processing of your personal data and a right to data portability.

In addition, you have the right to object at any time, for reasons relating to your particular situation, to the processing of your personal data if the data processing is based on legitimate interests of Impect or a third party pursuant to Art. 6(1) lit. f GDPR (including profiling) or if data is processed for direct marketing purposes in accordance with Art. 21(2) GDPR.

In the case of consent, you have the right to withdraw your consent at any time, Art. 7(3) 1 GDPR. The lawfulness of the processing carried out until your withdrawal is not affected by this.

You also have the right to lodge complaints with a supervisory authority.

Finally, we would like to point out that we process the personal data provided by you when exercising your rights pursuant to Art. 15 to 22 of the GDPR for the purpose of granting you your rights and in order to be able to provide evidence thereof. This processing is based on the legal basis of Art. 6(1) lit. c GDPR.

11. Public information regarding the processing of personal data of football players

Impect collects personal data of football players from publicly available sources to analyse and generate metrics and comprehensive analytics. The personal data includes master data (name, position, club history etc) and event and performance data (match statistics like number of goals, passes etc). These insights are utilised to provide our customers with advanced scouting tools and analytical services. For a detailed description of Impect’s products, including the “Scouting Platform” and the “Analysis Platform”, please refer to here.

Providing the concerned data subjects with this information involves a disproportionate effort for Impect because given the variety of data sources, the great amount of football players potentially affected (including on the amateur level, which can easily lead to several millions of players) and the fact that Impect usually does not have any contact details for these players, it is hardly possible for Impect to de facto inform all data subjects in accordance with Art. 14(1) and (2) GDPR. Thus, the involved effort for us would be exorbitantly high (if providing such information was possible at all). On the other hand, your information interest as concerned football player is rather low here: We only collect and process data that relates to you in your role as a football player and that can be retrieved either from video material of football matches (which are public events expected to be observed and recorded) or from reports and other information available on the internet. As such the processed information constitutes publicly available and non-sensitive information. Also, data subjects can reasonably expect that their personal data may be processed for this purpose (cf. recital 47 sentence 3 GDPR), as it is common practice for football games, even in amateur leagues, to be filmed and analysed by analytics companies. Football players are generally aware of this and often benefit from such analysis, aligning their interests with Impect’s legitimate interest to some extent.

The processing of this data is based on our legitimate interests under Article 6(1) lit. f GDPR to provide our products and services to customers, particularly our “Scouting Platform” and “Analysis Platform”. Given the public nature of the source material, the absence of sensitive personal information, the reasonable expectations of and benefits for the concerned football players, the data subject’s interest in protecting their personal data does not override our aforementioned legitimate interest.

In case of such processing of your personal data that are carried out on basis of our aforementioned legitimate interest, you have the right to object against such processing of your personal data at any time for reasons resulting from your specific situation (cf. section 10).

In this context, we may act as joint controllers as per Art. 26 GDPR together with our platform users (clubs, agents, scouts etc.) regarding the processing of personal football player data on our platform. We have concluded an agreement with our platform users in accordance with Art. 26 GDPR, which we will share with you upon request (for contact details cf. section 1). The agreement defines the respective tasks and responsibilities for fulfilling the obligations under the GDPR with regard to joint controllership. You may exercise your data subject rights against us as well as against all other joint controllers. We have agreed with our platform users that we are the contact point for the exercise of data subject rights under Art. 15-20 GDPR in relation to processing activities under joint controllership.

12. Changes to this privacy policy

The current version of this privacy policy is always available at https://www.impect.com/en/datenschutz/.

Status: 14. August 2025